In this lab, you will learn how to secure your Alexa enabled IoT devices from vulnerabilities. You will use IoT Device defender to create an Audit that will identify overly permissive policies. You will then create an automated security remediation pipeline to update those policies.
Please login to the AWS Lambda Console and select Applications (on the left pane) -> reinventavsmqtt* application.
- Under Resources section, please select the Lambda function with Logical ID DeviceDefenderAuditLambda
- Click the Select a test event dropdown (top right corner) -> Choose Configure test events.
- A window will appear, keep everything default, put the Event name as test , click Create button
- This will configure the test event and bring you back to the lambda console
- Click on Test (top right corner) , check if the Execution Result is a success
- If it fails, check the logs to identify the problem. Ask support staff for help.
If step 3 is a success, proceed to validate if the audit settings are applied.
-
Navigate to the AWS IoT Console home page and click Defend (on the left pane) -> Settings
a. Check the audit "IoT policies overly permissive" is enabled (on the right pane).
b. Scroll down and Check the SNS alerts are configured
-
Navigate to Secure -> Policies (on the left pane) and click on the policy "reinventAvsPermissiveIoTPolicy"
a. You will notice the policy is wide open for all resources and actions.
In step 3 below, you will create an audit , which will identify any overly permissive policy in the AWS account and restrict it according to customer defined best practices.
-
Navigate to Defend -> Audit -> View Audit Results -> Click Create (right top corner)
Keep everything as default and click Create
You will be directed to the Audit Results page, please wait for the task to finish. It might take up-to 5 mins.
-
If the task is a success , please navigate back to Secure -> Policies (on the left pane) and click on the policy "reinventAvsPermissiveIoTPolicy".
- You will notice the policy is now restricted.
Navigate to the AWS Lambda Console and select Applications (on the left pane) -> reinventavsmqtt* application.
-
Under Resources section, please select the Lambda function with Logical ID DevDefenderResultsProcessorLambda
- Please check the lambda function code to understand , how the audit results are processed in real time, to remediate vulnerabilities on the IoT policy.
Congratulations! You now have succesfully built a security remediation pipeline, that will protect your devices in an automated fashion.